Skip to content

Commit 7152357

Browse files
yuvipandayuvipanda
authored
Merge pull request #4067 from yuvipanda/veda-cryho
cryo: Enable access to veda & ghg buckets
2 parents 2b63652 + 63a7a1b commit 7152357

File tree

1 file changed

+24
-57
lines changed

1 file changed

+24
-57
lines changed

terraform/aws/projects/nasa-cryo.tfvars

Lines changed: 24 additions & 57 deletions
Original file line numberDiff line numberDiff line change
@@ -24,7 +24,9 @@ hub_cloud_permissions = {
2424
"staging" : {
2525
"user-sa" : {
2626
bucket_admin_access : ["scratch-staging", "persistent-staging"],
27-
# Provides readonly requestor-pays access to usgs-landsat bucket
27+
# Provides readonly requestor-pays access to usgs-landsat bucket,
28+
# veda bucket (https://2i2c.freshdesk.com/a/tickets/1547) and sliderule
29+
# bucket (https://2i2c.freshdesk.com/a/tickets/1508).
2830
# FIXME: We should find a way to allow access to *all* requester pays
2931
# buckets, without having to explicitly list them. However, we don't want
3032
# to give access to all *internal* s3 buckets willy-nilly - this can be
@@ -40,34 +42,17 @@ hub_cloud_permissions = {
4042
"s3:*"
4143
],
4244
"Resource": [
43-
"arn:aws:s3:::usgs-landsat"
44-
]
45-
},
46-
{
47-
"Effect": "Allow",
48-
"Action": [
49-
"s3:*"
50-
],
51-
"Resource": [
52-
"arn:aws:s3:::usgs-landsat/*"
53-
]
54-
},
55-
{
56-
"Effect": "Allow",
57-
"Action": [
58-
"s3:*"
59-
],
60-
"Resource": [
61-
"arn:aws:s3:::sliderule-public"
62-
]
63-
},
64-
{
65-
"Effect": "Allow",
66-
"Action": [
67-
"s3:*"
68-
],
69-
"Resource": [
70-
"arn:aws:s3:::sliderule-public/*"
45+
"arn:aws:s3:::usgs-landsat",
46+
"arn:aws:s3:::usgs-landsat/*",
47+
"arn:aws:s3:::sliderule-public",
48+
"arn:aws:s3:::sliderule-public/*",
49+
"arn:aws:s3:::veda-data-store",
50+
"arn:aws:s3:::veda-data-store/*",
51+
"arn:aws:s3:::veda-data-store-staging",
52+
"arn:aws:s3:::veda-data-store-staging/*",
53+
"arn:aws:s3:::ghgc-data-store",
54+
"arn:aws:s3:::ghgc-data-store/*"
55+
7156
]
7257
}
7358
]
@@ -94,34 +79,16 @@ hub_cloud_permissions = {
9479
"s3:*"
9580
],
9681
"Resource": [
97-
"arn:aws:s3:::usgs-landsat"
98-
]
99-
},
100-
{
101-
"Effect": "Allow",
102-
"Action": [
103-
"s3:*"
104-
],
105-
"Resource": [
106-
"arn:aws:s3:::usgs-landsat/*"
107-
]
108-
},
109-
{
110-
"Effect": "Allow",
111-
"Action": [
112-
"s3:*"
113-
],
114-
"Resource": [
115-
"arn:aws:s3:::sliderule-public"
116-
]
117-
},
118-
{
119-
"Effect": "Allow",
120-
"Action": [
121-
"s3:*"
122-
],
123-
"Resource": [
124-
"arn:aws:s3:::sliderule-public/*"
82+
"arn:aws:s3:::usgs-landsat",
83+
"arn:aws:s3:::usgs-landsat/*",
84+
"arn:aws:s3:::sliderule-public",
85+
"arn:aws:s3:::sliderule-public/*",
86+
"arn:aws:s3:::veda-data-store",
87+
"arn:aws:s3:::veda-data-store/*",
88+
"arn:aws:s3:::veda-data-store-staging",
89+
"arn:aws:s3:::veda-data-store-staging/*",
90+
"arn:aws:s3:::ghgc-data-store",
91+
"arn:aws:s3:::ghgc-data-store/*"
12592
]
12693
}
12794
]

0 commit comments

Comments
 (0)